Powershell“填充无效,无法删除”错误

时间:2017-07-02 21:18:53

标签: powershell encryption

我正在尝试解密Powershell中的字符串并收到此错误。可能有什么不对?

1 个答案:

答案 0 :(得分:0)

这个异常可以表示很多不同的东西,并不是所有这些都与填充有关,所以我试图对可能发生这种情况的所有不同场景进行编目。

如果你知道抛出此填充异常的另一种情况,请添加它。

首先,这是一个按预期工作的加密/解密示例。

$testData = "Hi there! This is a test of a string during encryption"
$enc = [system.Text.Encoding]::UTF8
$data = $enc.getBytes($testData)

# Encrypt some data

$encryptAlgorithm = [System.Security.Cryptography.SymmetricAlgorithm] (New-Object System.Security.Cryptography.AesCryptoServiceProvider)

$encryptAlgorithm.Mode = [System.Security.Cryptography.CipherMode]::CBC
$encryptAlgorithm.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7
$encryptAlgorithm.KeySize = 128
$encryptAlgorithm.BlockSize = 128
$encryptAlgorithm.Key = @(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
$encryptAlgorithm.IV = @(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)


$encryptor = [System.Security.Cryptography.ICryptoTransform]$encryptAlgorithm.CreateEncryptor()
$encryptorMemoryStream = new-Object IO.MemoryStream
$encryptorCryptoStream = new-Object Security.Cryptography.CryptoStream $encryptorMemoryStream,$encryptor,"Write"
$encryptorCryptoStream.Write($data, 0, $data.Length)
$encryptorCryptoStream.FlushFinalBlock();

$encryptedData = $encryptorMemoryStream.ToArray()

Write-Host $enc.GetString($encryptedData)
Write-Host $encryptedData.Length

# Decrypt some data
$descryptAlgorithm = [System.Security.Cryptography.SymmetricAlgorithm] (New-Object System.Security.Cryptography.AesCryptoServiceProvider)

$descryptAlgorithm.Mode = [System.Security.Cryptography.CipherMode]::CBC
$descryptAlgorithm.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7
$descryptAlgorithm.KeySize = 128
$descryptAlgorithm.BlockSize = 128
$descryptAlgorithm.Key = @(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
$descryptAlgorithm.IV = @(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)

$decryptor = [System.Security.Cryptography.ICryptoTransform]$descryptAlgorithm.CreateDecryptor()

$dataToDecrypt = $encryptedData

$decryptorMemoryStream = new-Object IO.MemoryStream @(,$dataToDecrypt)
$decryptorCryptoStream = new-Object Security.Cryptography.CryptoStream $decryptorMemoryStream,$decryptor,"Read"
$streamReader = new-Object IO.StreamReader $decryptorCryptoStream
try
{
    Write-Output $streamReader.ReadToEnd()
}
catch
{
    $e = $_.Exception
    $msg = $e.Message
    while ($e.InnerException) {
      $e = $e.InnerException
      $msg += "`n" + $e.Message
    }
    $msg
}

让我们看一些触发填充异常的例子。

无法刷新最后一个块

这个blog post很好地写了这个场景。

#$encryptorCryptoStream.FlushFinalBlock();

无效密钥

我在这里略微更改了用于解密密钥的字节数组,以模拟不匹配的密钥。

$descryptAlgorithm.Key = @(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 17)

Rijndael管理空输入

$descryptAlgorithm = [System.Security.Cryptography.SymmetricAlgorithm] (New-Object System.Security.Cryptography.RijndaelManaged)
// ...
$dataToDecrypt = @()

填充无效

我手动在数据末尾添加了一些无效的填充来解密。

$dataToDecrypt = $encryptedData + @(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)

不同的填充方案

有趣的是,只有一些填充方案组合会导致填充错误。即使产生的刺痛不正确,很多人也会毫无错误地解密。

$descryptAlgorithm.Padding = [System.Security.Cryptography.PaddingMode]::ANSIX923

不同的区块大小

$descryptAlgorithm.BlockSize = 64